Leo Reading

Software Engineer and Problem Solver From the USA

Posts tagged with Bearer Token

I'm working on a project that has an MVC Web API that lives on a different server from an MVC5 application that needs to consume the API. Because the user information is stored in the same database as the rest of the information that the API is responsible for, I decided to keep 100% of the data layer in the Web API.
In the near future, I'll write a post about how I accomplished managing the bearer token and user identity, but for now, I just want to give others a word of warning:
Do not use claims to store the bearer token. It will grow out of control, and you will be plagued with "Request too long" errors.
Because the bearer token is just another way of describing the user's identity, any claims associated with the user (including custom claims) will be included in that token. So now, we have a token being generated that describes the typical information about...